2-cent Tip: Poisoning the spammers

Ben Okopnik [ben at linuxgazette.net]

Sat, 10 May 2008 13:03:36 -0400

I saw a Web page the other day, talking about a cute idea: since the
spammers are always trawling the Net for links and e-mail addresses, why
not give them some nice ones? For a certain value of "nice", that is...

However, when I looked at the implementation of this idea, the author
had put a "badgeware" restriction on using it - not something I could
see doing - so, I wrote a version of it from scratch, with a few
refinements. Take a look:

A randomly-generated page, with lots of links and addresses - with the
links all pointing back to the script itself (somewhat obscured, so they
don't look exactly the same), so the spammers can harvest even more of
these addresses. Mmm, yummy!

The addresses are made up of a random string "at" a domain made up of
several random words joined together with a random TLD. There is some
tiny chance of it matching a real address, but the probability is pretty
low.

If you want to download this gadget, it's available at
http://okopnik.com/misc/poison.cgi.txt (and, once the next issue of LG
comes out, at 'http://linuxgazette.net/151/misc/lg/poison.cgi.txt'). I
suggest renaming it to something else, and linking to it - the link
doesn't have to be visible [1] - from a few of your real Web pages. If
enough people started doing this, life would become a lot more pleasant.
Well, not for spammers, but that's the whole point...

[1] '<a href="poison.cgi" border="0"> </a>' at the end of a page should
be invisible but still serve the purpose.

Rather than 'article.cgi', I'd prefer that everyone came up with his/her
own name for it. Spammers rely on automated bots, and they're not going
to be looking at the script names - but if these were all named the
same, it would be easy enough for them to block these out. If they're
all different, then we've turned the spammers' favorite trick against
them: instead of us having to analyze their e-mails for human-readable
content, they now have to analyze our Web pages for the same thing.

It's classic security thinking - turning an attack scenario on its head.
Much like El-Al (the Israeli airline) does to prevent sabotage on its
flights: instead of defending a very large target against an attacker
who can pick his approach and method, they interview any passenger that
they deem suspicious by asking a series of 'innocent' questions, and
then "drill down" on any one of them (focus on a question and keep
digging for all relevant - and checkable - details). It's impossible to
have a cover story that goes that deep.
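
The page generator described in the post (random strings "at" domains built from joined random words with a random TLD, plus links that all lead back to the script but never look the same), sketched as an added example. It is not the original poison.cgi, and the word list, TLD list, link format, function names and the script name `my-own-name.cgi` are assumptions made here.

```python
import random
import string

# Constructed sample vocabulary (assumption); a real deployment would load a larger word list.
WORDS = ["amber", "bridge", "cotton", "delta", "ember", "forest", "garnet",
         "harbor", "island", "juniper", "kettle", "lantern", "meadow", "nickel"]
TLDS = ["com", "net", "org", "info", "biz"]  # constructed list (assumption)

def fake_address(rng):
    """Random string 'at' several random words joined together, plus a random TLD."""
    local = "".join(rng.choice(string.ascii_lowercase + string.digits)
                    for _ in range(rng.randint(5, 10)))
    domain = "".join(rng.sample(WORDS, rng.randint(2, 4)))
    return f"{local}@{domain}.{rng.choice(TLDS)}"

def self_link(rng, script, link_id):
    """Link back to the generator itself, varied so no two hrefs look the same."""
    # Extra path info after the script name is an assumption about how the
    # links are varied; CGI servers hand it to the script as PATH_INFO.
    path = "/".join(rng.sample(WORDS, 2))
    return f"{script}/{path}?id={link_id}"

def poison_page(script, count=20, seed=None):
    """Build one HTML page with `count` fake addresses and `count` self-links."""
    rng = random.Random(seed)
    ids = rng.sample(range(10**6), count)  # distinct ids, so every href differs
    rows = []
    for link_id in ids:
        addr = fake_address(rng)
        href = self_link(rng, script, link_id)
        rows.append(f'<p><a href="{href}">{rng.choice(WORDS).title()}</a> '
                    f'<a href="mailto:{addr}">{addr}</a></p>')
    return "<html><body>\n" + "\n".join(rows) + "\n</body></html>\n"

if __name__ == "__main__":
    # Run as a CGI script: emit the header, a blank line, then a fresh page.
    print("Content-Type: text/html\n")
    print(poison_page("my-own-name.cgi", count=10))
```

Every request produces a different page, and each harvested link leads to another one, so a crawler that follows them keeps collecting addresses that go nowhere.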